Event ID Searching in Security logs

Oct 21, 2003
Hey guys, I acquired this script from the internet that is supposed to go through the event logs looking for a certain event ID. I can get this script to run in Windows 2003 but not in Windows 2000. I don't receive any errors when it runs but I also don't get any information in the CSV file. Any help will be appreciated.

Thanks

Const ForAppending = 8
Set fso = CreateObject("Scripting.FileSystemObject")

' Start with a fresh output file on every run
If fso.FileExists("EventGrabber.csv") Then
    fso.DeleteFile("EventGrabber.csv")
End If
Set LogFile = fso.OpenTextFile("EventGrabber.csv", 2, True)   ' 2 = ForWriting, True = create
Set ServerList = fso.OpenTextFile("ServerList.txt", 1)        ' 1 = ForReading

' CSV header row
LogFile.Writeline "Category," _
    & "Computer Name," _
    & "Event Code," _
    & "Record Number," _
    & "Source Name," _
    & "Time Written," _
    & "Event Type," _
    & "User," _
    & "Message"

' One server name per line in ServerList.txt
Do Until ServerList.AtEndOfStream

    strComputer = ServerList.Readline
    ' The (Security) privilege is required to read the Security log through WMI
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(Security)}!\\" _
        & strComputer & "\root\cimv2")

    Set colLoggedEvents = objWMIService.ExecQuery _
        ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND " _
        & "EventCode = '528'")

    ' Write one CSV row per matching event; line breaks in the message are flattened
    For Each objEvent in colLoggedEvents
        LogFile.Writeline objEvent.Category _
            & "," & objEvent.ComputerName _
            & "," & objEvent.EventCode _
            & "," & objEvent.RecordNumber _
            & "," & objEvent.SourceName _
            & "," & objEvent.TimeWritten _
            & "," & objEvent.Type _
            & "," & objEvent.User _
            & "," & Replace(objEvent.Message, vbCrLf, " ")
    Next
Loop

Wscript.Echo "Event Grabber Finished:"
LogFile.Close
ServerList.Close
 
Hello jerphillips,

This is an instance where semi-synchronous mode can make a material difference in speed. As you did not get a runtime error with your win2k box, you should try this and grant the script some time to get done.
Code:
Set colLoggedEvents = objWMIService.ExecQuery _
        ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND " _
            & "EventCode = '528'",,48)
regards - tsuji
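
The semi-synchronous query from the reply above, worked into the full loop as an added example that is not part of the original thread. The flag value 48 is written as the two WMI constants it is the sum of, every CSV field is quoted, and each server reports a match count or an error instead of silently leaving the file empty. `CsvField`, `EVENT_ID` and `matched` are names chosen for this example.

```vbscript
' Added example; file names follow the thread, CsvField/EVENT_ID/matched are assumed names.
Option Explicit
Const ForReading = 1, ForWriting = 2
Const wbemFlagReturnImmediately = &H10   ' 16
Const wbemFlagForwardOnly = &H20         ' 32; 16 + 32 = 48, the value used in the reply
Const EVENT_ID = 528                     ' the ID queried in the thread
Dim fso, logFile, serverList, strComputer, objWMI, colEvents, objEvent, matched

Set fso = CreateObject("Scripting.FileSystemObject")
Set logFile = fso.OpenTextFile("EventGrabber.csv", ForWriting, True)
Set serverList = fso.OpenTextFile("ServerList.txt", ForReading)
logFile.WriteLine "Computer Name,Event Code,Record Number,Time Written,User,Message"

Do Until serverList.AtEndOfStream
    strComputer = Trim(serverList.ReadLine)
    If strComputer <> "" Then
        matched = 0
        On Error Resume Next   ' one unreachable server must not stop the whole run
        Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" _
            & strComputer & "\root\cimv2")
        If Err.Number = 0 Then
            Set colEvents = objWMI.ExecQuery( _
                "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND EventCode = '" _
                & EVENT_ID & "'", , wbemFlagReturnImmediately + wbemFlagForwardOnly)
        End If
        If Err.Number = 0 Then
            ' Forward-only: the result set can be walked only once, so count while writing.
            For Each objEvent In colEvents
                If Err.Number <> 0 Then Exit For
                logFile.WriteLine CsvField(objEvent.ComputerName) & "," _
                    & CsvField(objEvent.EventCode) & "," & CsvField(objEvent.RecordNumber) _
                    & "," & CsvField(objEvent.TimeWritten) & "," & CsvField(objEvent.User) _
                    & "," & CsvField(objEvent.Message)
                matched = matched + 1
            Next
        End If
        If Err.Number <> 0 Then
            WScript.Echo strComputer & ": error 0x" & Hex(Err.Number) & " " & Err.Description
        Else
            WScript.Echo strComputer & ": " & matched & " events with ID " & EVENT_ID
        End If
        On Error GoTo 0
    End If
Loop
logFile.Close : serverList.Close

' Quote every field so commas, quotes and line breaks in Message cannot shift columns.
Function CsvField(ByVal value)
    If IsNull(value) Then value = ""
    CsvField = """" & Replace(Replace(CStr(value), vbCrLf, " "), """", """""") & """"
End Function
```

A count of 0 for a reachable server means the query ran but no record carries that event ID, which is the case the original poster ended up in.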
 
Actually I just won the bonehead award for this one. The Event ID I was looking for is for logging onto the server, and what I needed it for was file access. Thanks for the help.
 